https://bugzilla.novell.com/show_bug.cgi?id=242520 ------- Comment #8 from rhafer@novell.com 2007-02-13 06:09 MST ------- (In reply to comment #7)
So with "compat", we have to live with the overhead. Then I would rather go for the "files ldap" approach and live with the requirement to reboot the machine. That is just a one-time thing, while the overhead of nss_compat would always be present and can get quite big in large environments.
We would also need a way to disallow non-local user shell access on a machine, while still having access to other service (e.g. imap). It should be possible with nss_override_attribute_value in /etc/ldap.conf which is new in nss_ldap since some releases. It might also be possible through pam_ldap (with a combination of pam_check_host_attr and pam_check_service_attr). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.